sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

one more update regarding last few "unescape" related commits

Browse Source
This commit is contained in:
Miroslav Stampar 2011-02-06 20:23:23 +00:00
parent caaac72029
commit d2b96a66a2
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
lib/controller/checks.py
View File

@ -167,6 +167,10 @@ def checkSqlInjection(place, parameter, value):
continue continue
# Force back-end DBMS according to the current
# test value for proper payload unescaping
Backend.forceDbms(dbms)
# Skip test if it does not match the same SQL injection clause # Skip test if it does not match the same SQL injection clause
# already identified by another test # already identified by another test
clauseMatch = False clauseMatch = False
@ -359,10 +363,6 @@ def checkSqlInjection(place, parameter, value):
# used afterwards by Agent.forgeInbandQuery() # used afterwards by Agent.forgeInbandQuery()
# method to forge the UNION query payload # method to forge the UNION query payload
# Force back-end DBMS according to the current
# test value for proper payload unescaping
Backend.forceDbms(dbms)
configUnion(test.request.char, test.request.columns) configUnion(test.request.char, test.request.columns)
if not Backend.getIdentifiedDbms(): if not Backend.getIdentifiedDbms():
@ -384,9 +384,6 @@ def checkSqlInjection(place, parameter, value):
# by unionTest() directly # by unionTest() directly
where = vector[6] where = vector[6]
# Reset forced back-end DBMS value
Backend.flushForcedDbms()
# If the injection test was successful feed the injection # If the injection test was successful feed the injection
# object with the test's details # object with the test's details
if injectable is True: if injectable is True:
@ -442,6 +439,9 @@ def checkSqlInjection(place, parameter, value):
# boundaries # boundaries
break break
# Reset forced back-end DBMS value
Backend.flushForcedDbms()
except KeyboardInterrupt: except KeyboardInterrupt:
warnMsg = "Ctrl+C detected in detection phase" warnMsg = "Ctrl+C detected in detection phase"
logger.warn(warnMsg) logger.warn(warnMsg)
@ -458,6 +458,10 @@ def checkSqlInjection(place, parameter, value):
elif test[0] in ("q", "Q"): elif test[0] in ("q", "Q"):
raise sqlmapUserQuitException raise sqlmapUserQuitException
finally:
# Reset forced back-end DBMS value
Backend.flushForcedDbms()
# Return the injection object # Return the injection object
if injection.place is not None and injection.parameter is not None: if injection.place is not None and injection.parameter is not None:
return injection return injection